9 minute read
6. Conclusions
As it has been said at the beginning of this guide, it is not the role of risk managers to know everything up front, but to prepare for what might happen, using the ERM arsenal that they have in their hands and being aware that the future will never be identical to past trends, irrespective of the data available25. Therefore, dealing with resilience is dealing with uncertainty and unknowns. That puts significant challenges to any kind of “objective” measurements but can be overcome by more accurate and timely data gathering about people’s perceptions through new risk analytics and RiskTechs based on Natural Language Processing (NLP) and innovative data visualisations26. An appropriate way to deal with risk velocity and change is still required27 since valuable data could be already available in ERM and ERP systems but not yet properly or completely used by organisations28. Thus, systems, people, processes and practices must be integrated so that emerging risks can be closely monitored. Over this Organisational Resilience Project, the IRM Innovation SIG has been able to understand better how risk managers, Board members and consultants see the challenges and opportunities to organisations building resilience capabilities and embedding them into their cultures. It became clear that organisational resilience is not just about techniques and operational resilience, but it is also a change in the organisations and individuals’ strategic mindset and risk culture, which needs to be adapted in order to be prepared to deal with constant changes presented globally by the current VUCA environment. This guide demonstrates that the construction of resilience capabilities is a challenge in itself since the definition of resilience differs among disciplines, individuals, corporations, roles, departments and hierarchical levels. From an ERM perspective, we must be careful to maintain a positive tone while dealing with organisational resilience in order to recognise its required characteristics to manage both downside and upside risks. The former could be represented by aspects such as organisational preparedness, robustness, adaptability and bounce back capabilities. However, the latter must also be acknowledged since resilience can represent a competitive advantage to the long-term continuity and sustainability of institutions. Resilient organisations thus would be able to see resilience as an enabler to enhance organisational competitiveness, growth, and strength, which may end up re-shaping particular practices and points of view (Bell, 2020)29 .
Throughout the resilience evolution within different business contexts, risk management has always been part of this process. However, the ERM framework, as an upside risk management proposition, might have sat as a distinct function with varying degrees of connectivity, or not, to ‘resilience’ in organisational settings. Nevertheless, the powerful combination of risk management and resilience enables firms to achieve a fully integrated understanding of business exposure, preparedness, adequacy, direction, absorption and responsiveness capacities to reduce the likelihood and magnitude of potential and actual disruptions’ impact. Therefore, ERM performs a pivotal, powerful and integrating role in organisational resilience’s development and maintenance.
The integrated organisational resilience model (presented in Figure 1) demonstrates operational and strategic components of organisational resilience that must be integrated into an ERM framework, enabling individuals and companies to translate preventive disciplines scattered solutions into a universal control panel that monitors, check and measures how enhancing resilience capabilities are affecting organisations’ value, communication and culture as well as how these aspects may interfere with operational capabilities and practices.
25 See more at: https://www.theirm.org/news/the-resilience-value-proposition/ 26 See more at: https://www.soluxr.com/ 27 Smith, K., & Borodzicz, E. (2008). Risk clockspeed: a new lens for critical incident management and response. The Systemist, 30(2), 345-370. 28 See more at: https://www.mercandco.com/post/in-with-the-old-2-evolution-of-supply-chain-risk-and-resilience 29 Bell, G. (2020). The Organizational Resilience Handbook: A Practical Guide to Achieving Greater Resilience. London: Kogan.
The different perspectives presented among the participants of our study demonstrates that there are still divergences in different levels of an organisation’s hierarchy, so Boards must be aware of unfulfilled expectations regarding (untested) resilience capabilities and risk management assurance. Thus, expectations must be translated into a strategic perspective of resilience across disciplines and practices embedded in a supportive culture in order to avoid becoming only an operational tick-box exercise. Risk managers thus may work as enablers for the creation of integrated and holistic resilience capabilities that are not only a characteristic of particular professionals but reflect the interest of companies. We demonstrate that, although some companies seem to have chosen to wait until real crises to move up, mature and strengthen their resilience capabilities, disruptions are not a prerequisite to companies’ awareness about the need to build up resilience capabilities. Resilience must go beyond the desire of individuals to represent the requirements of an era and the environment where companies are operating. For that reason, consultants have been working on the alignment of Board expectations and organisational resilience capabilities through tests, checks and monitoring exercises of the response of actual capabilities when they are put into stress testing and scenarios. Unfortunately, the Covid-19 pandemic crisis has proven that companies may not be as prepared as they thought they were, and the available time to adapt is shrinking in front of our eyes. Our guide presents possible solutions to some of the problems observed above. First, it is crucial that more education and clarity regarding how resilience claims are translated into practices are introduced through training programmes and open communication channels to specific issues faced inside each corporation. Second, this information must be timely and accurate. Therefore, ERP and performance evaluation systems must be adapted to the digital era and staff at all levels must be encouraged to share challenges and opportunities experienced in their daily routines and horizon scanning exercises. Third, we must understand how to deal with the unexpected and the complexity that surrounds us all. Beyond risk registers and lessons from what has gone wrong, we must be aware of emerging risks and what is coming next. War games and scenario planning and analyses can enable us to see the future ahead and changes that may not be as far away as we previously considered. For that reason, the IRM has been working on many fronts to prepare the next generation of risk professionals in this and other matters. Special Interest Groups have been launched to deal with prompting problems in our society, such as the digital revolution, climate change and complex systems. Furthermore, the IRM is expanding its operations in other countries and connecting people from all over the world in different sections and areas of expertise to create a more holistic and integrated view of threats and opportunities that businesses will (and are) face(ing). These initiatives have been translated into training courses and certifications, which are now available to a wider public through online platforms that aim to democratise this knowledge and prepare risk professionals to deal with resilience and other issues confronting organisations and society. This report represents the intent of the IRM and the Innovation SIG to enable risk professionals to see beyond their daily routine and activities, always moving beyond compliance to make sure that ERM maintains its value as a strategic, relevant management tool that enables companies to achieve their most desired goals and objectives. In this regard, for example, an important debate during the production of this guide was related to where ERM should sit. By the end, our proposition was that given that organisational resilience seems to fit quite nicely within the ERM framework and provide a new language to its claims, then concerns regarding resilience must be comprehended as a (more mature) component of the ERM within companies. Indeed, the proposition that organisational resilience reinforces old claims from ERM frameworks appears to hold true. Value is added when change is viewed holistically across all disciplines of the organisation. Risk culture, as well as the general culture of an organisation, can be shaped and embedded through a shared context and shared ideas across all hierarchical levels and departments.
Nonetheless, the main aim of this guide is to break silos and old paradigms regarding claims of power and status among organisational actors. Resilience provides us with terminology to show that managing risks is certainly not only about avoiding potential threats that may or may not materialise at a certain moment in time. It is not about CRO’s neurosis or hysteria and permanent preoccupation, but about a constant state of awareness that should mark the profile of those working in the current VUCA world economic environment. In this regard, resilience is about organisational and individual preparedness, the development of capabilities to respond as well as (re)establish functional operations, which should be considered before, during and after disruptions. We cannot wait for the next wave to reach us to learn how to swim; at that point, it will be too late.
Therefore, ultimately, this guide reinforces the ERM’s claim to break the silos and the boundaries stated as limits to both risk management, organisational resilience as well as other protective disciplines. We can work better together. We work better thinking with our whole brain, recognising blind spots, moving towards an open conversation regarding our strengths and weaknesses in order to share our experience, expertise and data. Thus, resilience is ultimately about collaboration. For that reason, we aim here not to create and increase further the division among protective disciplines and experts but create an open platform for collaboration. More than ever before, we see that power relies on bringing different perspectives and data together, thinking holistic and integrating understandings. Certainly, that may not happen as harmoniously as it sounds, but it is the role of risk managers to spark this sentiment across departments and hierarchies: we are here together, for one another, we are one. One species on our planet, fighting for a better world. Not just for one of us, but for all of us, to humanity and to what goes beyond human beings, to all species, to the whole world. Without any doubt, that will require the support of many: analysts, managers, directors, Boards, investors and governments. But we can do it if we believe. Perhaps that has been the strongest lesson left by the Covid-19 pandemic to all of us. Yes, we can have a different world, and (perhaps) a better world. Yes, we can look after each other and put lives before money and power. Yes, we can think about a better world, a more harmonious world, where the whole of humanity is working and thinking about a single goal, a better goal, to make the world better, more sustainable, more harmonious, more resilient for us all to survive. Yes, (perhaps) we can (if we believe). It is important to (re) emphasise that this guide does not intend to represent an ultimate and universal answer to the problem that organisations face while trying to build resilience capabilities. We acknowledge that this problem is a lot more complex than what is portrayed here. For that reason, our SIG would like to leave an open door for further discussions and shared experiences on this topic. If you would like to share ideas or cases regarding how the proposition presented here has helped you to reflect upon and rethink some of your risk management practices and experience, please, contact us through our emails and social media platforms. We are looking forward to hearing from you too. Many Thanks, IRM Innovation SIG